While the number of people falling for sending personal information to the crown prince of Nigeria in hopes of receiving his promised wealth and riches seems to be dropping, phishing remains a major issue. In fact, the number of phishing campaigns pursued by hackers around the world had a 667% increase within the last year that were using the coronavirus as a lure. What exactly is phishing? Hackers mimic the emails, forms, and websites of legitimate companies in an effort to lure people into providing their private, personal information, like credit cards numbers, social security information, account logins, and personal identifiers. The victim typically doesn’t realize they’ve been compromised until long after the event, and oftentimes only after their identity or finances are affected. In the past, an attack was carried out relatively quickly. As soon as the victim gave up their information, the hacker moved in and stole money from the compromised bank account. Today, it’s often more lucrative for hackers to sell that information on the Dark Web, resulting in longer-lasting, even more devastating attacks.

In the last decade, billions of people have had their information stolen from one, if not multiple, business sectors. Technology is constantly expanding, and with new technology comes new ways of hacking into seemingly secure data. As technology advances, people tend to forget about outdated technology and are lackadaisical about security. Outdated devices, human error, malware and theft are all things that contribute greatly to the possibility of a data breach. It’s important to ensure companies are well aware of all possible breaches in order to secure them. No business wants to face the PR nightmare other companies have.

There are 560,000 new pieces of malware detected every day, according to a report by AV-Test Institute. Malware is one of the most notorious threats to cybersecurity out there. However, there's a lesser-known type of malware called malvertising. Malvertising is a trap anyone could fall for, and businesses are susceptible to it.

Cyber-criminals utilize several types of display advertisements to distribute malware.

Most people are aware of terms like phishing and malware, but do you know those are a part of a larger scheme called social engineering? This is not a new kind of fraud; in fact, it’s been used for many years to manipulate a wide range of people into giving up important data about themselves or the workplace. A prime example of social engineering goes back to Greek mythology with the Trojan horse. They infiltrated the city of Troy with a “peace offering” filled with soldiers, thus winning the war. With technology at the forefront of our lives, social engineering has entered a new era. Physical human interaction is not necessarily required anymore. These criminals can gain information through emails, pop-ups, and public Wi-Fi networks, to name a few. The main objective is to influence, manipulate or trick users into giving up privileged information or access within an organization. They are doing this right under your nose, and if you’re not paying attention, you will be a victim of this as well.

On April 29th, one of the largest fuel pipelines in the U.S, Colonial Pipeline Co. was hacked, which led to major shortages in fuel across the East Coast. New information came out this weekend regarding what may have led to the weak spot in Colonial Pipelines system resulting in the attack on their network. Apparently, an old account was not decommissioned correctly and still had access to the network by virtual private network (VPN). As a result, a hacker was able to obtain the password from the dark web and used their illicit access to demand cryptocurrency in return of the Colonial Pipeline system. Colonial paid the hackers $4.4 million in order to avoid confidential information from getting leaked.

When it comes to external threats, there is a lot to know. An external threat is when someone from outside the company uses malicious software or hacking as a way to take advantage of system vulnerabilities. As a managed service provider, we get a lot of questions from our clients on external threats, so we decided to use our experience and knowledge to help educate users on the most common forms of external threats, ransomware and phishing. The first step to combating external threats, is understanding them.

You probably read a lot about external threats to your business's cybersecurity. Malicious actors can install malware, trick your employees with social engineering, and take advantage of security gaps to access your critical assets.

It was me. I am writing from the perspective of an intern who fell for a phishing scam, which is a type of social engineering attack, despite having gone through copious amounts of cybersecurity training. I will be sharing my thoughts and experiences on the timely issue in the hope that it will help deter you from making the same mistake. What is Phishing? Phishing, also called credential phishing, is a method that hackers use to gather a person's personal information through deceptive emails and websites. To do this a hacker will send out an email and they will appear to be a user of a reputable company or a familiar contact. The email will usually contain a request or a link that the hacker has set to look like a legitimate website, so that they get you to click on it. The website will ask you to “log-in” or provide personal information. The login credentials and personal information are then captured, and the hacker can begin to use the information they gathered to gain access to your company servers, resources, applications, and more. Phishing Emails are On the Rise Phishing scams are becoming increasingly prevalent, especially during the Covid-19 pandemic. Attacks have significantly increased on devices as more people begin working remotely. Being a victim of a phishing attack is nothing to be embarrassed about. As technology becomes more advanced and hackers are getting more skilled at sending personalized emails, it is getting harder and harder to recognize. Even the most secure companies cannot block all phishing attempts without the risk of blocking real business emails. For this reason, it is important to spread awareness about different phishing experiences people have had, including my own. Before I get into my story, I will point out that I was trained to look for red flags of phishing attacks and how to avoid getting scammed in both the past and during my internship onboarding. With that being said, I still seemed to find myself a predicament that so many had tried to help me avoid. The Time I Fell for a Phishing Scam Last summer while working as an intern, I had my first phishing scare. It was about one month in my internship, I went into the office, checked my computer, and saw an email from my company's CEO. This is not typical, so I should have been a little suspicious, but coincidentally I had just met the CEO for the first time the day before when he visited our Boston office. For this reason, I thought it made sense that he might be reaching out to ask me for a favor. In the email “Lou,” our CEO, asked me to purchase several gift cards that he would be surprising the sales team in the afternoon. He asked that I not tell anyone so that it could remain a surprise. As a college intern, I was not in the place to make this large purchase, but “Lou” informed me that after I bought the gift cards I would be fully reimbursed immediately. I still did not feel comfortable doing this, but “Lou” insisted and said I would be doing him a huge favor. He was putting me in a very tight spot which did not seem characteristic of him. Before heading out to secretly purchase them, I decided I should run it by one of my co-workers. He came over to my desk, to look at the email I had been sent, and he began laughing. I looked back at him, both confused and unamused. “What’s so funny!?” I said, to which he replied “Sarah, this is not Lou Usherwood- it’s a phishing scam.” I showed him the thread of messages and the signs of a phishing scam quickly began to reveal themselves. He pointed out that the email address did not match his usual company email address. That is when I realized I had fallen victim to my first phishing scam. Lessons Learned Although I was a victim of a phishing scam, the gift card scheme was both a minor incident and a thankfully unsuccessful attempt compared to what could have happened. Clicking on a link and beginning a ransomware attack or sending a wire fraud could have also easily been the outcome. It is extremely necessary to take precautions and become more educated in how to identify and avoid a phishing attack. Training your entire workforce using professionally developed phishing awareness courses will be crucial to your cybersecurity strategy. Everyone from a summer intern to the lifelong CEO should be required to take these phish trainings, as anyone can become a victim. Risk and mitigation of phishing attacks must be top of mind all the time when employees open emails. I hope my story will help you or someone you know prevent harm due to a phishing attack. How to Implement Phishing Tests for Employees Outsourced IT services are great resources that will offer recommended controls/protocols for phishing attacks. Some of the biggest red flags to look for included in the acronym S.L.A.M. or Sender, Links, Attachments, and Message. Read more about these signs in our blog: SLAM Dunk Your Email Security with These 4 Rules to Live By. Updated training modules, tests, and other phishing attack tools can help prevent phishing attacks from becoming successful. Phishing prevention starts at the top, so make sure to educate your leadership on types of attacks targeting high-ranking personnel (whaling attacks or spear phishing). Awareness and education are your first line of defense against cyber attackers. If you're interested in stepping up your cybersecurity game with an experienced security team, click the button below to explore the possibilities.

When we think of the dangers of "hacking," we often visualize our desktop computers as the victim. As a result, companies and individuals have taken extensive measures to protect this information, and rightfully so. The issue, however, is that as computers remain in the spotlight, sophisticated hackers have found a way to access a far less obvious object, the printer. Within the US, UK, France, and Germany, 60% of businesses have suffered from print-related data breaches within the last year.